roots / trellis

WordPress LEMP stack with PHP 8.2, Composer, WP-CLI and more
https://roots.io/trellis/
MIT License
2.5k stars 608 forks source link

Feature request: Validate SSL provider name #963

Closed partounian closed 2 years ago

partounian commented 6 years ago

Submit a feature request or bug report

Replace any X with your information.


What is the current behavior?

Doesn't throw an error (edit: if provider name misspelled, or if provider doesn't exist)

What is the expected or desired behavior?

It should error check for the different SSL options

Also running tags letsencrypt doesn't work alone, it requires you to run nginx if you have not previously dhparams

fullyint commented 6 years ago

Validate SSL provider name

I'm inclined to fold the question of validating SSL provider names into the Trellis project goal of improving organization of SSL-related ansible roles and extensibility (e.g., #893, #896).

I think this validation is more complex than simply checking whether ssl.provider in ['letsencrypt', 'manual', 'self-signed'] (built in providers) because we likely want to accommodate third-party SSL roles offering additional provider names.

For example, typisttech/trellis-cloudflare-origin-ca role uses provider: cloudflare-origin-ca. If such roles were to use the same name for the role and the provider, Trellis could validate ssl.provider in role_names (role_names is an Ansible magic var).

--tags letsencrypt

Also running tags letsencrypt doesn't work alone, it requires you to run nginx if you have not previously dhparams

Thanks for catching this. The letsencrypt tag for the dhparams task is long overdue. Fixed in #964.

tangrufus commented 6 years ago

Forcing the role name to be the same as ssl provider name could be an issue for galaxy roles because users could name the galaxy role to whatever they want.

- src: TypistTech.trellis-cloudflare-origin-ca
  version: 0.6.0
  name: whatever-i-want

Not so ideal solution:

Tag the role with wordpress-setup.

# server.yml
    - { role: TypistTech.trellis-cloudflare-origin-ca, tags: [cloudflare-origin-ca, wordpress-setup], when: sites_using_cloudflare_origin_ca | count }
swalkinshaw commented 2 years ago

Closing since this hasn't proven to be much of an issue over the years and there's issues implementing a simple fix as detailed above.